Executive Summary
Summary | |
---|---|
Title | Firefox vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-1786-1 | First vendor Publication | 2013-04-04 |
Vendor | Ubuntu | Last vendor Modification | 2013-04-04 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS Summary: Firefox could be made to crash or run programs as your login if it opened a malicious website. Software Description: - firefox: Mozilla Open Source web browser Details: Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, Joe Drew, Andrew McCreight, Randell Jesup, Gary Kwong and Mats Palmgren discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0788, CVE-2013-0789) Ambroz Bizjak discovered an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) libary when decoding certain certificates. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2013-0791) Tobias Schula discovered an information leak in Firefox when the gfx.color_management.enablev4 preference is enabled. If the user were tricked into opening a specially crafted image, an attacker could potentially exploit this to steal confidential data. By default, the gfx.color_management.enablev4 preference is not enabled in Ubuntu. (CVE-2013-0792) Mariusz Mlynski discovered that timed history navigations could be used to load arbitrary websites with the wrong URL displayed in the addressbar. An attacker could exploit this to conduct cross-site scripting (XSS) or phishing attacks. (CVE-2013-0793) It was discovered that the origin indication on tab-modal dialog boxes could be removed, which could allow an attacker's dialog to be displayed over another sites content. An attacker could exploit this to conduct phishing attacks. (CVE-2013-0794) Cody Crews discovered that the cloneNode method could be used to bypass System Only Wrappers (SOW) to clone a protected node and bypass same-origin policy checks. An attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Firefox. (CVE-2013-0795) A crash in WebGL rendering was discovered in Firefox. An attacker could potentially exploit this to execute code with the privileges of the user invoking Firefox. This issue only affects users with Intel graphics drivers. (CVE-2013-0796) Abhishek Arya discovered an out-of-bounds write in the Cairo graphics library. An attacker could potentially exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0800) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: Ubuntu 12.04 LTS: Ubuntu 11.10: Ubuntu 10.04 LTS: After a standard system update you need to restart Firefox to make all the necessary changes. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-1786-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-264 | Permissions, Privileges, and Access Controls |
25 % | CWE-200 | Information Exposure |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
25 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16182 | |||
Oval ID: | oval:org.mitre.oval:def:16182 | ||
Title: | DEPRECATED: The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors. | ||
Description: | The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0796 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16629 | |||
Oval ID: | oval:org.mitre.oval:def:16629 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0788 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16842 | |||
Oval ID: | oval:org.mitre.oval:def:16842 | ||
Title: | The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
Description: | The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0795 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16909 | |||
Oval ID: | oval:org.mitre.oval:def:16909 | ||
Title: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0800 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16928 | |||
Oval ID: | oval:org.mitre.oval:def:16928 | ||
Title: | Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing. | ||
Description: | Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0793 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17021 | |||
Oval ID: | oval:org.mitre.oval:def:17021 | ||
Title: | Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image. | ||
Description: | Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0792 | Version: | 13 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17065 | |||
Oval ID: | oval:org.mitre.oval:def:17065 | ||
Title: | Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. | ||
Description: | Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0794 | Version: | 13 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17079 | |||
Oval ID: | oval:org.mitre.oval:def:17079 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0789 | Version: | 14 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17150 | |||
Oval ID: | oval:org.mitre.oval:def:17150 | ||
Title: | The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate. | ||
Description: | The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0791 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17889 | |||
Oval ID: | oval:org.mitre.oval:def:17889 | ||
Title: | USN-1786-1 -- firefox vulnerabilities | ||
Description: | Firefox could be made to crash or run programs as your login if it opened a malicious website. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1786-1 CVE-2013-0788 CVE-2013-0789 CVE-2013-0791 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18184 | |||
Oval ID: | oval:org.mitre.oval:def:18184 | ||
Title: | USN-1791-1 -- thunderbird vulnerabilities | ||
Description: | Several security issues were fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1791-1 CVE-2013-0788 CVE-2013-0791 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18278 | |||
Oval ID: | oval:org.mitre.oval:def:18278 | ||
Title: | USN-1786-2 -- unity-firefox-extension update | ||
Description: | This update provides a compatible version of Unity Firefox Extension for Firefox 20. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1786-2 CVE-2013-0788 CVE-2013-0789 CVE-2013-0791 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 7 |
Platform(s): | Ubuntu 12.10 | Product(s): | unity-firefox-extension |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21149 | |||
Oval ID: | oval:org.mitre.oval:def:21149 | ||
Title: | RHSA-2013:0696: firefox security update (Critical) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0696-01 CESA-2013:0696 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 73 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21181 | |||
Oval ID: | oval:org.mitre.oval:def:21181 | ||
Title: | RHSA-2013:0697: thunderbird security update (Important) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0697-01 CESA-2013:0697 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 73 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22867 | |||
Oval ID: | oval:org.mitre.oval:def:22867 | ||
Title: | DEPRECATED: ELSA-2013:0696: firefox security update (Critical) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0696-01 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 26 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23187 | |||
Oval ID: | oval:org.mitre.oval:def:23187 | ||
Title: | DEPRECATED: ELSA-2013:0697: thunderbird security update (Important) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0697-01 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 26 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23948 | |||
Oval ID: | oval:org.mitre.oval:def:23948 | ||
Title: | ELSA-2013:0697: thunderbird security update (Important) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0697-01 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 25 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23978 | |||
Oval ID: | oval:org.mitre.oval:def:23978 | ||
Title: | ELSA-2013:0696: firefox security update (Critical) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0696-01 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 25 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25607 | |||
Oval ID: | oval:org.mitre.oval:def:25607 | ||
Title: | SUSE-SU-2013:0843-1 -- Security update for Mozilla Firefox | ||
Description: | Mozilla Firefox has been updated to the 17.0.6ESR security release. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0843-1 CVE-2013-0788 CVE-2013-0800 CVE-2013-0799 CVE-2013-0797 CVE-2013-0796 CVE-2013-0795 CVE-2013-0794 CVE-2013-0793 CVE-2013-0792 CVE-2013-0791 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 10 SUSE Linux Enterprise Desktop 10 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:25842 | |||
Oval ID: | oval:org.mitre.oval:def:25842 | ||
Title: | SUSE-SU-2013:0842-1 -- Security update for Mozilla Firefox | ||
Description: | Mozilla Firefox has been updated to the17.0.6ESR security release. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0842-1 CVE-2013-0788 CVE-2013-0800 CVE-2013-0799 CVE-2013-0797 CVE-2013-0796 CVE-2013-0795 CVE-2013-0794 CVE-2013-0793 CVE-2013-0792 CVE-2013-0791 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27026 | |||
Oval ID: | oval:org.mitre.oval:def:27026 | ||
Title: | DEPRECATED: ELSA-2013-0696 -- firefox security update (critical) | ||
Description: | firefox [17.0.5-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.5-1] - Update to 17.0.5 ESR xulrunner [17.0.5-1.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.5-1] - Update to 17.0.5 ESR [17.0.3-3] - Added fix for rhbz#916180 - Wrong library directory reference in /usr/bin/xulrunner | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0696 CVE-2013-0796 CVE-2013-0800 CVE-2013-0795 CVE-2013-0788 CVE-2013-0793 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27364 | |||
Oval ID: | oval:org.mitre.oval:def:27364 | ||
Title: | DEPRECATED: ELSA-2013-0697 -- thunderbird security update (important) | ||
Description: | [17.0.5-1.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.5-1] - Update to 17.0.5 ESR | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0697 CVE-2013-0800 CVE-2013-0796 CVE-2013-0788 CVE-2013-0795 CVE-2013-0793 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0015_remote.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-0850-1.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-1181.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-574.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-400.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-309.nasl - Type : ACT_GATHER_INFO |
2013-12-06 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2013-0015.nasl - Type : ACT_GATHER_INFO |
2013-10-01 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-217.nasl - Type : ACT_GATHER_INFO |
2013-10-01 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-216.nasl - Type : ACT_GATHER_INFO |
2013-09-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-23.nasl - Type : ACT_GATHER_INFO |
2013-08-09 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130807_nss__nss_util__nss_softokn__and_nspr_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1144.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1144.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1144.nasl - Type : ACT_GATHER_INFO |
2013-08-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1135.nasl - Type : ACT_GATHER_INFO |
2013-08-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1135.nasl - Type : ACT_GATHER_INFO |
2013-08-06 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130805_nss_and_nspr_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-08-06 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1135.nasl - Type : ACT_GATHER_INFO |
2013-07-18 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-20130628-130702.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0696.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-0697.nasl - Type : ACT_GATHER_INFO |
2013-07-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2720.nasl - Type : ACT_GATHER_INFO |
2013-06-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2699.nasl - Type : ACT_GATHER_INFO |
2013-05-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-20130516-130517.nasl - Type : ACT_GATHER_INFO |
2013-05-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-20130516-130516.nasl - Type : ACT_GATHER_INFO |
2013-05-29 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-20130516-8578.nasl - Type : ACT_GATHER_INFO |
2013-04-22 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4871.nasl - Type : ACT_GATHER_INFO |
2013-04-16 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4957.nasl - Type : ACT_GATHER_INFO |
2013-04-16 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4983.nasl - Type : ACT_GATHER_INFO |
2013-04-09 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-20130404-130404.nasl - Type : ACT_GATHER_INFO |
2013-04-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1791-1.nasl - Type : ACT_GATHER_INFO |
2013-04-09 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-20130404-8537.nasl - Type : ACT_GATHER_INFO |
2013-04-08 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_949764339c7411e2a9fcd43d7e0c7c02.nasl - Type : ACT_GATHER_INFO |
2013-04-05 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1786-2.nasl - Type : ACT_GATHER_INFO |
2013-04-05 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1786-1.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_5_esr.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_5_esr.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_20.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_5.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_1705_esr.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_20.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1705.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1705_esr.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_217.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0697.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0696.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130402_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130402_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-0697.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0696.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:01:46 |
|
2013-04-04 21:19:25 |
|
2013-04-04 21:17:23 |
|